15.06.2023
Sanction for GDPR infringement
In May 2023, the National Supervisory Authority completed an investigation of the controller Artima SA and found a breach of the provisions of Article 32 paragraph (1) letter b) and of Article 32 paragraphs (2) and (4) of Regulation (EU) 2016/679.
Therefore, the controller was sanctioned with a fine in the amount of Lei 39,712 (the equivalent of EUR 8,000).
The investigation was started following a personal data security breach notification.
The investigation found that employees of the controller accessed the video surveillance system and used a personal mobile phone to record the monitor on which the system's recordings were displayed. Subsequently, one of the employees provided the images to a third party (outside the controller), and that person posted the images on Facebook.
The National Supervisory Authority found that Artima S.A. did not implement adequate technical and organizational measures to ensure a level of security corresponding to the processing risk, arising in particular, accidentally or illegally, from the destruction, loss, modification, unauthorized disclosure of or unauthorized access to personal data stored or processed in another manner.
The incident disclosed the image of a natural person, together with the vehicle's registration number, color and brand, which led to the loss of confidentiality of the personal data, caused by the breach of the internal procedures of Artima S.A.
We underline that the controller had the obligation to ensure that any natural person acting under the authority of the controller who has access to personal data processes it solely at the request of the controller.
At the same time, within the investigation, based on Article 58 paragraph (2) letter d) of Regulation (EU) 2016/679, a corrective measure was also applied to the controller: to implement a monitoring solution for the application of the working procedures already implemented, in order to avoid similar security incidents.
Legal and Communication Department
A.N.S.P.D.C.P.